Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Apple denies researchers’ claims of bypassing iOS passcode using Siri

Vulnerability Lab researchers claim that multiple passcode bypass vulnerabilities are present in Apple iOS versions 9.0, 9.1 and 9.2.1, but Apple denied those claims.

The vulnerabilities are reportedly in the Appstore, Buy more Tones or Weather Channel links of the Clock, Event Calendar and Siri user interfaces, according to a Monday post.   

The researchers said the bugs can be exploited by an attacker that has physical access to the device and without a privileged or restricted device user account.

The post detailed four ways to trigger the vulnerabilities by making voice requests through Siri and using an internal browser link request.

End users can temporarily patch the vulnerabilities by "hardening of the device settings" by deactivating the Siri module and other features, researchers said.

Apple denied the vulnerabilities existed and told SCMagazine.com that each of the exploits requires an enrolled fingerprint with Touch ID or a passcode.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.